You might have thought that Apple would have been working on trying to fix up iOS right after an 18-year-old publicly executed a nasty exploit that could make the host device do supposedly anything from a click of a web link: call 911 repeatedly, send torrents of emails and performing other JavaScript tasks to do so much.

Well, it turns out that after doing a little more digging, one Collin Mulliner has been able to replicate the bug that the Arizona teenager put out. He was able to figure out how iOS apps that use the in-built WebView browser to display external webpages are vulnerable to a bug that traces back to iPhone OS 3. You know, before when the iPad and iPod touch got into the family.

Nowadays, when your iPhone reads the HTML of any page on Safari, it’s supposed to make sure you want to call the number requested through a dialog prompt. It used to simply dial and call the number upon read. Apple did patch this bug, but it has neglected to do so for the WebView browser.

That means that if you click on, say, a Facebook or Twitter link to a page coded in such a way, you are at peril with whatever the HTML code makes your phone do. In Mulliner’s simulated case, it is to call a certain number and lock out any input into the phone through a mix of bogging the phone with too much information at the same time.

Mulliner, who was able to use a bug he had in 2008 to work with an app with WebView in 2016, contacted both Twitter and Apple. The developer also has a bounty cap on his way.

You May Also Like

Amazon and B&H Memorial Day deals are available today

Today’s Memorial Day deals come from Amazon and B&H where we find Apple’s 16-inch MacBook Pro, and products from Samsung, Microsoft and more